CWE-434 (Unrestricted Upload of File with Dangerous Type) — Vulnerability Class 2015

2015 vulnerabilities classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47757 | Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated) — Chikitsa Patient Management System | 8.8 | High | 2026-01-15 |
| CVE-2021-47758 | Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated) — Chikitsa Patient Management System | 8.8 | High | 2026-01-15 |
| CVE-2021-47753 | phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated) — phpKF CMS | 9.8 | Critical | 2026-01-15 |
| CVE-2025-13062 | Supreme Modules Lite <= 2.5.62 - Authenticated (Author+) Arbitrary File Upload via JSON Upload Bypass — Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder | 8.8 | High | 2026-01-15 |
| CVE-2022-50893 | VIAVIWEB Wallpaper Admin 1.0 - Code Execution via Image Upload — VIAVIWEB Wallpaper Admin | 9.8 | Critical | 2026-01-13 |
| CVE-2022-50936 | WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated) — WBCE CMS | 8.8 | High | 2026-01-13 |
| CVE-2022-50916 | e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override — e107 CMS | 7.2 | High | 2026-01-13 |
| CVE-2022-50912 | ImpressCMS 1.4.4 - Unrestricted File Upload — ImpressCMS | 9.8 | Critical | 2026-01-13 |
| CVE-2022-50907 | e107 CMS v3.2.1 - Admin Upload Restriction Bypass + RCE — e107 CMS | 7.2 | High | 2026-01-13 |
| CVE-2022-50898 | NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated) — NanoCMS | 8.8 | High | 2026-01-13 |
| CVE-2025-62182 | Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file. — Pega Infinity | 7.2 (AI) | High (AI) | 2026-01-13 |
| CVE-2026-0496 | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) — SAP Fiori App (Intercompany Balance Reconciliation) | 6.6 | Medium | 2026-01-13 |
| CVE-2026-22799 | emlog Arbitrary File Upload Vulnerability — emlog | 7.2 (AI) | High (AI) | 2026-01-12 |
| CVE-2026-22789 | WebErpMesv2 has a File Upload Validation Bypass Leading to RCE — WebErpMesv2 | 5.4 | Medium | 2026-01-12 |
| CVE-2026-22786 | Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal — gin-vue-admin | 9.8 (AI) | Critical (AI) | 2026-01-12 |
| CVE-2026-22783 | Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management — iris-web | 9.6 | Critical | 2026-01-12 |
| CVE-2025-15503 | Sangfor Operation and Maintenance Management System common.jsp unrestricted upload — Operation and Maintenance Management System | 7.3 | High | 2026-01-10 |
| CVE-2025-15495 | BiggiDroid Simple PHP CMS editsite.php unrestricted upload — Simple PHP CMS | 4.7 | Medium | 2026-01-09 |
| CVE-2026-22241 | Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE) — openeclass | 7.2 | - | 2026-01-08 |
| CVE-2025-67924 | WordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability — Corpkit | 9.9 | Critical | 2026-01-08 |
| CVE-2025-67910 | WordPress Contentstudio plugin <= 1.3.7 - Arbitrary File Upload vulnerability — Contentstudio | 9.1 | Critical | 2026-01-08 |
| CVE-2019-25296 | WP Cost Estimation <= 9.642 - Missing Authorization to Arbitrary File Upload/Delete — WP Cost Estimation & Payment Forms Builder | 9.8 | Critical | 2026-01-08 |
| CVE-2025-15158 | WP Enable WebP <= 1.0 - Authenticated (Author+) Arbitrary File Upload — WP Enable WebP | 8.8 | High | 2026-01-07 |
| CVE-2025-14842 | Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.2 - Unauthenticated Limited Arbitrary File Upload — Drag and Drop Multiple File Upload for Contact Form 7 | 6.1 | Medium | 2026-01-07 |
| CVE-2026-0643 | projectworlds House Rental and Property Listing Signup register.php unrestricted upload — House Rental and Property Listing | 7.3 | High | 2026-01-06 |
| CVE-2025-30996 | WordPress Themify Newsy <= 1.9.9 - Arbitrary File Upload Vulnerability — Themify Newsy | 9.9 | Critical | 2026-01-06 |
| CVE-2023-50897 | WordPress Media File Renamer plugin <= 5.7.7 - Arbitrary File Rename lead to RCE vulnerability — Media File Renamer | 9.1 | Critical | 2026-01-05 |
| CVE-2025-31048 | WordPress Shopo <= 1.1.4 - Arbitrary File Upload Vulnerability — Shopo | 9.9 | Critical | 2026-01-05 |
| CVE-2025-15240 | Quanta Computer\|QOCA aim AI Medical Cloud Platform - Arbitrary File Upload — QOCA aim AI Medical Cloud Platform | 8.8 | High | 2026-01-05 |
| CVE-2025-15448 | cld378632668 JavaMall MinioController.java upload unrestricted upload — JavaMall | 6.3 | Medium | 2026-01-05 |

2015 CVEs are classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.